Is it possible to have a false "false positive"?

i bought a chinese telephone recording device (through pc’s line-in). I received a cd with one application file (software + drivers) i checked it online using virustotal.com (SHA1=90a07246e5cc82b4b7c9eb474a3f872ea6d136de625d50cc5063ae004f1d4be5).
The file was already scanned at 17/12/2013 at that time it was found positive by 11 engines including avast. I chose to reanalyze it today and avast found it clean (the only one engine that change the result from positive to clean) while 3 more engines found it positive. My question:

False positives do exist but is it possible avast to have a false “false positive”?? Or avast was the only engine that did an accurate analyze and concluded correctly that it was a false positive and so is save to run it ?
(i can upload the file, it is a 10MB file)

Could you provide links to each virustotal scan? ???

It’s known as a False Negative, it it’s not detected (or was detected before and was malicious)

It would shed more light, if you provided the VT scan results as Para-Noid mentioned earlier.

He has already given…if you know where to look :wink:

https://www.virustotal.com/nb/file/90a07246e5cc82b4b7c9eb474a3f872ea6d136de625d50cc5063ae004f1d4be5/analysis/

Seems it may be a PUP
First submission 2012-08-31 16:18:00 UTC ( 1 år, 4 måneder siden )

I am not sure if virustotal retains old scans. The last result is the one mentioned by Pondus

i saved locally the old result, i am putting as attacments 2 jpg files of that hml page

I don’t think I would run the file.
It doesn’t look to be safe at all.

That was my first thought, on the other hand for avast to change its results from a positive to a clean file I suppose someone investigated it and found it clean or am I misunderstanding something?

Thanks for the advice Para-Noid, i am not planning to run it unless i get a clear answer about it. It is kind of coming to a point where either avast is doing much better work than others, investigated and found it clean or the opposite, ending up with a false positive result while the file is indeed malware.

If it is PUP that means that by itself is not malicious right? but is it certain that it is not something beyond PUP?

A “PUP” is just that…a potential unwanted process. A “PUP” could be either good or bad. The keyword is “potential”.

Given the results of multiple scanners is the reason I would consider the file unsafe.
Irregardless of the “avast” result. Knowing that not one single antivirus has one hundred percent detection rate
could mean that avast might have missed something. avast does have a detection rate of over ninety eight percent.
There is still that little over one percent that still gets through.

That said I still put a huge amount of trust on avast for my primary protection.

Here is the latest chart from AV-Comparatives.
avast is second from the left. Not bad at all.